lkft/linux-next-master - next-20250625 - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper

Date

June 25, 2025, 8:08 a.m.

Environment
qemu-arm64
qemu-x86_64

[   26.455606] ==================================================================
[   26.455658] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   26.455709] Write of size 1 at addr fff00000c470f6d0 by task kunit_try_catch/170
[   26.455768] 
[   26.455803] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.455883] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.455909] Hardware name: linux,dummy-virt (DT)
[   26.455938] Call trace:
[   26.455958]  show_stack+0x20/0x38 (C)
[   26.456254]  dump_stack_lvl+0x8c/0xd0
[   26.456371]  print_report+0x118/0x608
[   26.456496]  kasan_report+0xdc/0x128
[   26.456601]  __asan_report_store1_noabort+0x20/0x30
[   26.456692]  krealloc_less_oob_helper+0xb9c/0xc50
[   26.456782]  krealloc_less_oob+0x20/0x38
[   26.456834]  kunit_try_run_case+0x170/0x3f0
[   26.456882]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.456933]  kthread+0x328/0x630
[   26.457161]  ret_from_fork+0x10/0x20
[   26.457358] 
[   26.457503] Allocated by task 170:
[   26.457603]  kasan_save_stack+0x3c/0x68
[   26.457679]  kasan_save_track+0x20/0x40
[   26.457716]  kasan_save_alloc_info+0x40/0x58
[   26.457816]  __kasan_krealloc+0x118/0x178
[   26.458119]  krealloc_noprof+0x128/0x360
[   26.458266]  krealloc_less_oob_helper+0x168/0xc50
[   26.458390]  krealloc_less_oob+0x20/0x38
[   26.458537]  kunit_try_run_case+0x170/0x3f0
[   26.458596]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.458638]  kthread+0x328/0x630
[   26.459042]  ret_from_fork+0x10/0x20
[   26.459125] 
[   26.459163] The buggy address belongs to the object at fff00000c470f600
[   26.459163]  which belongs to the cache kmalloc-256 of size 256
[   26.459250] The buggy address is located 7 bytes to the right of
[   26.459250]  allocated 201-byte region [fff00000c470f600, fff00000c470f6c9)
[   26.459575] 
[   26.459677] The buggy address belongs to the physical page:
[   26.459773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10470e
[   26.459825] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.459891] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.459941] page_type: f5(slab)
[   26.459978] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.460035] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.460083] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.460145] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.460192] head: 0bfffe0000000001 ffffc1ffc311c381 00000000ffffffff 00000000ffffffff
[   26.460252] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.460306] page dumped because: kasan: bad access detected
[   26.460345] 
[   26.460362] Memory state around the buggy address:
[   26.460391]  fff00000c470f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.460442]  fff00000c470f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.460483] >fff00000c470f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.460519]                                                  ^
[   26.460563]  fff00000c470f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.460614]  fff00000c470f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.460650] ==================================================================
[   26.511476] ==================================================================
[   26.511519] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   26.511561] Write of size 1 at addr fff00000c78260ea by task kunit_try_catch/174
[   26.511606] 
[   26.511632] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.511709] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.511740] Hardware name: linux,dummy-virt (DT)
[   26.511778] Call trace:
[   26.511804]  show_stack+0x20/0x38 (C)
[   26.511848]  dump_stack_lvl+0x8c/0xd0
[   26.511902]  print_report+0x118/0x608
[   26.512851]  kasan_report+0xdc/0x128
[   26.512937]  __asan_report_store1_noabort+0x20/0x30
[   26.513031]  krealloc_less_oob_helper+0xae4/0xc50
[   26.513119]  krealloc_large_less_oob+0x20/0x38
[   26.513223]  kunit_try_run_case+0x170/0x3f0
[   26.513459]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.513596]  kthread+0x328/0x630
[   26.513640]  ret_from_fork+0x10/0x20
[   26.513999] 
[   26.514183] The buggy address belongs to the physical page:
[   26.514263] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107824
[   26.514511] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.514577] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.514760] page_type: f8(unknown)
[   26.514860] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.515015] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.515195] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.515370] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.515503] head: 0bfffe0000000002 ffffc1ffc31e0901 00000000ffffffff 00000000ffffffff
[   26.515944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.516017] page dumped because: kasan: bad access detected
[   26.516113] 
[   26.516167] Memory state around the buggy address:
[   26.516220]  fff00000c7825f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.516262]  fff00000c7826000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.516302] >fff00000c7826080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.516552]                                                           ^
[   26.516732]  fff00000c7826100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.517183]  fff00000c7826180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.517503] ==================================================================
[   26.518984] ==================================================================
[   26.519028] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   26.519227] Write of size 1 at addr fff00000c78260eb by task kunit_try_catch/174
[   26.519288] 
[   26.519370] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.519640] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.519736] Hardware name: linux,dummy-virt (DT)
[   26.519814] Call trace:
[   26.519874]  show_stack+0x20/0x38 (C)
[   26.519981]  dump_stack_lvl+0x8c/0xd0
[   26.520028]  print_report+0x118/0x608
[   26.520453]  kasan_report+0xdc/0x128
[   26.520678]  __asan_report_store1_noabort+0x20/0x30
[   26.520906]  krealloc_less_oob_helper+0xa58/0xc50
[   26.520980]  krealloc_large_less_oob+0x20/0x38
[   26.521299]  kunit_try_run_case+0x170/0x3f0
[   26.521542]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.521801]  kthread+0x328/0x630
[   26.521857]  ret_from_fork+0x10/0x20
[   26.522125] 
[   26.522295] The buggy address belongs to the physical page:
[   26.522452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107824
[   26.522555] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.522628] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.522863] page_type: f8(unknown)
[   26.523024] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.523145] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.523273] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.523462] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.523632] head: 0bfffe0000000002 ffffc1ffc31e0901 00000000ffffffff 00000000ffffffff
[   26.523713] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.523930] page dumped because: kasan: bad access detected
[   26.524177] 
[   26.524231] Memory state around the buggy address:
[   26.524276]  fff00000c7825f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.524827]  fff00000c7826000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.525270] >fff00000c7826080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.525316]                                                           ^
[   26.525741]  fff00000c7826100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.525895]  fff00000c7826180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.526167] ==================================================================
[   26.502134] ==================================================================
[   26.502176] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50
[   26.502330] Write of size 1 at addr fff00000c78260d0 by task kunit_try_catch/174
[   26.502603] 
[   26.502700] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.502783] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.502907] Hardware name: linux,dummy-virt (DT)
[   26.502969] Call trace:
[   26.503007]  show_stack+0x20/0x38 (C)
[   26.503155]  dump_stack_lvl+0x8c/0xd0
[   26.503209]  print_report+0x118/0x608
[   26.503352]  kasan_report+0xdc/0x128
[   26.503414]  __asan_report_store1_noabort+0x20/0x30
[   26.503461]  krealloc_less_oob_helper+0xb9c/0xc50
[   26.503769]  krealloc_large_less_oob+0x20/0x38
[   26.503866]  kunit_try_run_case+0x170/0x3f0
[   26.503975]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.504097]  kthread+0x328/0x630
[   26.504220]  ret_from_fork+0x10/0x20
[   26.504265] 
[   26.504310] The buggy address belongs to the physical page:
[   26.504342] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107824
[   26.504635] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.504852] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.504983] page_type: f8(unknown)
[   26.505020] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.505348] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.505442] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.505563] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.505689] head: 0bfffe0000000002 ffffc1ffc31e0901 00000000ffffffff 00000000ffffffff
[   26.505865] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.505922] page dumped because: kasan: bad access detected
[   26.506052] 
[   26.506168] Memory state around the buggy address:
[   26.506204]  fff00000c7825f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.506249]  fff00000c7826000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.506366] >fff00000c7826080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.506425]                                                  ^
[   26.506459]  fff00000c7826100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.506499]  fff00000c7826180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.506536] ==================================================================
[   26.508666] ==================================================================
[   26.508844] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   26.508904] Write of size 1 at addr fff00000c78260da by task kunit_try_catch/174
[   26.508951] 
[   26.508980] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.509069] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.509094] Hardware name: linux,dummy-virt (DT)
[   26.509122] Call trace:
[   26.509491]  show_stack+0x20/0x38 (C)
[   26.509614]  dump_stack_lvl+0x8c/0xd0
[   26.509673]  print_report+0x118/0x608
[   26.509913]  kasan_report+0xdc/0x128
[   26.510087]  __asan_report_store1_noabort+0x20/0x30
[   26.510224]  krealloc_less_oob_helper+0xa80/0xc50
[   26.510276]  krealloc_large_less_oob+0x20/0x38
[   26.510331]  kunit_try_run_case+0x170/0x3f0
[   26.510424]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.510479]  kthread+0x328/0x630
[   26.510520]  ret_from_fork+0x10/0x20
[   26.510574] 
[   26.510593] The buggy address belongs to the physical page:
[   26.510624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107824
[   26.510673] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.510716] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.510769] page_type: f8(unknown)
[   26.510806] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.510863] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.510919] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.510967] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.511013] head: 0bfffe0000000002 ffffc1ffc31e0901 00000000ffffffff 00000000ffffffff
[   26.511059] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.511097] page dumped because: kasan: bad access detected
[   26.511125] 
[   26.511143] Memory state around the buggy address:
[   26.511171]  fff00000c7825f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.511211]  fff00000c7826000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.511259] >fff00000c7826080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.511295]                                                     ^
[   26.511329]  fff00000c7826100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.511368]  fff00000c7826180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.511424] ==================================================================
[   26.497726] ==================================================================
[   26.497822] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   26.497922] Write of size 1 at addr fff00000c78260c9 by task kunit_try_catch/174
[   26.498037] 
[   26.498069] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.498154] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.498351] Hardware name: linux,dummy-virt (DT)
[   26.498406] Call trace:
[   26.498456]  show_stack+0x20/0x38 (C)
[   26.498532]  dump_stack_lvl+0x8c/0xd0
[   26.498645]  print_report+0x118/0x608
[   26.498701]  kasan_report+0xdc/0x128
[   26.498746]  __asan_report_store1_noabort+0x20/0x30
[   26.498809]  krealloc_less_oob_helper+0xa48/0xc50
[   26.498856]  krealloc_large_less_oob+0x20/0x38
[   26.498905]  kunit_try_run_case+0x170/0x3f0
[   26.499080]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.499168]  kthread+0x328/0x630
[   26.499228]  ret_from_fork+0x10/0x20
[   26.499300] 
[   26.499339] The buggy address belongs to the physical page:
[   26.499407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107824
[   26.499466] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.499570] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.499647] page_type: f8(unknown)
[   26.499701] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.499749] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.499907] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   26.499974] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   26.500258] head: 0bfffe0000000002 ffffc1ffc31e0901 00000000ffffffff 00000000ffffffff
[   26.500339] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   26.500377] page dumped because: kasan: bad access detected
[   26.500564] 
[   26.500583] Memory state around the buggy address:
[   26.500828]  fff00000c7825f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.500901]  fff00000c7826000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.500987] >fff00000c7826080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   26.501104]                                               ^
[   26.501138]  fff00000c7826100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.501324]  fff00000c7826180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   26.501470] ==================================================================
[   26.466552] ==================================================================
[   26.466640] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50
[   26.466690] Write of size 1 at addr fff00000c470f6ea by task kunit_try_catch/170
[   26.466737] 
[   26.466765] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.466843] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.466868] Hardware name: linux,dummy-virt (DT)
[   26.466917] Call trace:
[   26.467051]  show_stack+0x20/0x38 (C)
[   26.467133]  dump_stack_lvl+0x8c/0xd0
[   26.467266]  print_report+0x118/0x608
[   26.467354]  kasan_report+0xdc/0x128
[   26.467413]  __asan_report_store1_noabort+0x20/0x30
[   26.467730]  krealloc_less_oob_helper+0xae4/0xc50
[   26.467790]  krealloc_less_oob+0x20/0x38
[   26.467944]  kunit_try_run_case+0x170/0x3f0
[   26.468228]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.468380]  kthread+0x328/0x630
[   26.468562]  ret_from_fork+0x10/0x20
[   26.468681] 
[   26.468749] Allocated by task 170:
[   26.468865]  kasan_save_stack+0x3c/0x68
[   26.468934]  kasan_save_track+0x20/0x40
[   26.469092]  kasan_save_alloc_info+0x40/0x58
[   26.469186]  __kasan_krealloc+0x118/0x178
[   26.469226]  krealloc_noprof+0x128/0x360
[   26.469261]  krealloc_less_oob_helper+0x168/0xc50
[   26.469299]  krealloc_less_oob+0x20/0x38
[   26.469438]  kunit_try_run_case+0x170/0x3f0
[   26.469593]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.469638]  kthread+0x328/0x630
[   26.469886]  ret_from_fork+0x10/0x20
[   26.469935] 
[   26.470022] The buggy address belongs to the object at fff00000c470f600
[   26.470022]  which belongs to the cache kmalloc-256 of size 256
[   26.470149] The buggy address is located 33 bytes to the right of
[   26.470149]  allocated 201-byte region [fff00000c470f600, fff00000c470f6c9)
[   26.470232] 
[   26.470259] The buggy address belongs to the physical page:
[   26.470356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10470e
[   26.470481] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.470863] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.471026] page_type: f5(slab)
[   26.471111] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.471220] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.471317] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.471470] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.471584] head: 0bfffe0000000001 ffffc1ffc311c381 00000000ffffffff 00000000ffffffff
[   26.471634] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.471847] page dumped because: kasan: bad access detected
[   26.471893] 
[   26.471910] Memory state around the buggy address:
[   26.472030]  fff00000c470f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.472072]  fff00000c470f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.472113] >fff00000c470f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.472148]                                                           ^
[   26.472420]  fff00000c470f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.472648]  fff00000c470f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.472792] ==================================================================
[   26.461556] ==================================================================
[   26.461628] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50
[   26.461706] Write of size 1 at addr fff00000c470f6da by task kunit_try_catch/170
[   26.461780] 
[   26.461827] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.461907] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.461977] Hardware name: linux,dummy-virt (DT)
[   26.462123] Call trace:
[   26.462151]  show_stack+0x20/0x38 (C)
[   26.462247]  dump_stack_lvl+0x8c/0xd0
[   26.462314]  print_report+0x118/0x608
[   26.462360]  kasan_report+0xdc/0x128
[   26.462436]  __asan_report_store1_noabort+0x20/0x30
[   26.462496]  krealloc_less_oob_helper+0xa80/0xc50
[   26.462560]  krealloc_less_oob+0x20/0x38
[   26.462605]  kunit_try_run_case+0x170/0x3f0
[   26.462651]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.462701]  kthread+0x328/0x630
[   26.462909]  ret_from_fork+0x10/0x20
[   26.462961] 
[   26.462979] Allocated by task 170:
[   26.463038]  kasan_save_stack+0x3c/0x68
[   26.463114]  kasan_save_track+0x20/0x40
[   26.463161]  kasan_save_alloc_info+0x40/0x58
[   26.463237]  __kasan_krealloc+0x118/0x178
[   26.463284]  krealloc_noprof+0x128/0x360
[   26.463320]  krealloc_less_oob_helper+0x168/0xc50
[   26.463376]  krealloc_less_oob+0x20/0x38
[   26.463425]  kunit_try_run_case+0x170/0x3f0
[   26.463460]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.463713]  kthread+0x328/0x630
[   26.463804]  ret_from_fork+0x10/0x20
[   26.463862] 
[   26.463963] The buggy address belongs to the object at fff00000c470f600
[   26.463963]  which belongs to the cache kmalloc-256 of size 256
[   26.464071] The buggy address is located 17 bytes to the right of
[   26.464071]  allocated 201-byte region [fff00000c470f600, fff00000c470f6c9)
[   26.464170] 
[   26.464197] The buggy address belongs to the physical page:
[   26.464255] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10470e
[   26.464305] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.464349] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.464407] page_type: f5(slab)
[   26.464443] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.464490] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.464538] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.464725] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.464832] head: 0bfffe0000000001 ffffc1ffc311c381 00000000ffffffff 00000000ffffffff
[   26.464925] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.465022] page dumped because: kasan: bad access detected
[   26.465074] 
[   26.465156] Memory state around the buggy address:
[   26.465205]  fff00000c470f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.465246]  fff00000c470f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.465503] >fff00000c470f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.465623]                                                     ^
[   26.465708]  fff00000c470f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.465766]  fff00000c470f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.465810] ==================================================================
[   26.447407] ==================================================================
[   26.447819] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50
[   26.447903] Write of size 1 at addr fff00000c470f6c9 by task kunit_try_catch/170
[   26.448008] 
[   26.448088] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.448191] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.448216] Hardware name: linux,dummy-virt (DT)
[   26.448249] Call trace:
[   26.448272]  show_stack+0x20/0x38 (C)
[   26.448375]  dump_stack_lvl+0x8c/0xd0
[   26.448580]  print_report+0x118/0x608
[   26.448684]  kasan_report+0xdc/0x128
[   26.448730]  __asan_report_store1_noabort+0x20/0x30
[   26.448923]  krealloc_less_oob_helper+0xa48/0xc50
[   26.449068]  krealloc_less_oob+0x20/0x38
[   26.449209]  kunit_try_run_case+0x170/0x3f0
[   26.449329]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.449464]  kthread+0x328/0x630
[   26.449613]  ret_from_fork+0x10/0x20
[   26.449700] 
[   26.449782] Allocated by task 170:
[   26.449869]  kasan_save_stack+0x3c/0x68
[   26.449999]  kasan_save_track+0x20/0x40
[   26.450092]  kasan_save_alloc_info+0x40/0x58
[   26.450179]  __kasan_krealloc+0x118/0x178
[   26.450301]  krealloc_noprof+0x128/0x360
[   26.450340]  krealloc_less_oob_helper+0x168/0xc50
[   26.450411]  krealloc_less_oob+0x20/0x38
[   26.450446]  kunit_try_run_case+0x170/0x3f0
[   26.450495]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.450747]  kthread+0x328/0x630
[   26.450845]  ret_from_fork+0x10/0x20
[   26.450970] 
[   26.451030] The buggy address belongs to the object at fff00000c470f600
[   26.451030]  which belongs to the cache kmalloc-256 of size 256
[   26.451104] The buggy address is located 0 bytes to the right of
[   26.451104]  allocated 201-byte region [fff00000c470f600, fff00000c470f6c9)
[   26.451327] 
[   26.451602] The buggy address belongs to the physical page:
[   26.451723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10470e
[   26.451797] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.451843] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.452218] page_type: f5(slab)
[   26.452322] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.452371] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.452578] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.452798] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.452915] head: 0bfffe0000000001 ffffc1ffc311c381 00000000ffffffff 00000000ffffffff
[   26.453076] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.453135] page dumped because: kasan: bad access detected
[   26.453427] 
[   26.453521] Memory state around the buggy address:
[   26.453581]  fff00000c470f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.453656]  fff00000c470f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.453762] >fff00000c470f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.453799]                                               ^
[   26.453878]  fff00000c470f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.454164]  fff00000c470f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.454325] ==================================================================
[   26.473634] ==================================================================
[   26.473729] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50
[   26.473799] Write of size 1 at addr fff00000c470f6eb by task kunit_try_catch/170
[   26.473873] 
[   26.473902] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT 
[   26.473981] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.474012] Hardware name: linux,dummy-virt (DT)
[   26.474042] Call trace:
[   26.474062]  show_stack+0x20/0x38 (C)
[   26.474117]  dump_stack_lvl+0x8c/0xd0
[   26.474173]  print_report+0x118/0x608
[   26.474219]  kasan_report+0xdc/0x128
[   26.474262]  __asan_report_store1_noabort+0x20/0x30
[   26.474308]  krealloc_less_oob_helper+0xa58/0xc50
[   26.474355]  krealloc_less_oob+0x20/0x38
[   26.474410]  kunit_try_run_case+0x170/0x3f0
[   26.474457]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.474507]  kthread+0x328/0x630
[   26.474549]  ret_from_fork+0x10/0x20
[   26.474595] 
[   26.474618] Allocated by task 170:
[   26.474645]  kasan_save_stack+0x3c/0x68
[   26.474693]  kasan_save_track+0x20/0x40
[   26.474730]  kasan_save_alloc_info+0x40/0x58
[   26.474771]  __kasan_krealloc+0x118/0x178
[   26.474808]  krealloc_noprof+0x128/0x360
[   26.474844]  krealloc_less_oob_helper+0x168/0xc50
[   26.474882]  krealloc_less_oob+0x20/0x38
[   26.474917]  kunit_try_run_case+0x170/0x3f0
[   26.474961]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.475004]  kthread+0x328/0x630
[   26.475035]  ret_from_fork+0x10/0x20
[   26.475069] 
[   26.475087] The buggy address belongs to the object at fff00000c470f600
[   26.475087]  which belongs to the cache kmalloc-256 of size 256
[   26.475146] The buggy address is located 34 bytes to the right of
[   26.475146]  allocated 201-byte region [fff00000c470f600, fff00000c470f6c9)
[   26.475207] 
[   26.475225] The buggy address belongs to the physical page:
[   26.475254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10470e
[   26.475310] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.475363] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.475422] page_type: f5(slab)
[   26.475461] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.475640] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.475695] head: 0bfffe0000000040 fff00000c0001b40 dead000000000100 dead000000000122
[   26.475741] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   26.476028] head: 0bfffe0000000001 ffffc1ffc311c381 00000000ffffffff 00000000ffffffff
[   26.476130] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.476169] page dumped because: kasan: bad access detected
[   26.476199] 
[   26.476284] Memory state around the buggy address:
[   26.476333]  fff00000c470f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.476375]  fff00000c470f600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.476425] >fff00000c470f680: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   26.476461]                                                           ^
[   26.476496]  fff00000c470f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.476536]  fff00000c470f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.476574] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yzYOk343WUC6Wpt3myROi1ycEp

job_id

TEST:linaro@lkft#2yzYUHdREalZeVuTYEtZ0Vg4zyC

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yzYUHdREalZeVuTYEtZ0Vg4zyC

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yzYQLBlrPZKRLNAwKs2gdkoA38/Image.gz
sha256sum	ecffa73d9c53e178bc58f77e3a2aaadac22dbb2340351d938f09d8930cf3c815

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/arm64/rootfs.ext4.xz
sha256sum	1eaaae772692e22cefec5345d642e254407cec1431dd51a20007af2a1819b610

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yzYQLBlrPZKRLNAwKs2gdkoA38/modules.tar.xz
sha256sum	d909e31b2675c9cfa4c6c68cb67b8b55a898f72165169b4030348d19c0ca4f80

durations

tests

boot	0
kunit	168.59

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   21.605093] ==================================================================
[   21.605383] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   21.606285] Write of size 1 at addr ffff88810038c8eb by task kunit_try_catch/187
[   21.606715] 
[   21.606820] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.606901] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.606913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.606958] Call Trace:
[   21.606972]  <TASK>
[   21.606990]  dump_stack_lvl+0x73/0xb0
[   21.607018]  print_report+0xd1/0x650
[   21.607039]  ? __virt_addr_valid+0x1db/0x2d0
[   21.607061]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.607083]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.607106]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.607128]  kasan_report+0x141/0x180
[   21.607165]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.607191]  __asan_report_store1_noabort+0x1b/0x30
[   21.607214]  krealloc_less_oob_helper+0xd47/0x11d0
[   21.607237]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.607258]  ? finish_task_switch.isra.0+0x153/0x700
[   21.607279]  ? __switch_to+0x47/0xf50
[   21.607304]  ? __schedule+0x10cc/0x2b60
[   21.607327]  ? __pfx_read_tsc+0x10/0x10
[   21.607351]  krealloc_less_oob+0x1c/0x30
[   21.607370]  kunit_try_run_case+0x1a5/0x480
[   21.607396]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.607435]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.607454]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.607477]  ? __kthread_parkme+0x82/0x180
[   21.607512]  ? preempt_count_sub+0x50/0x80
[   21.607534]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.607556]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.607578]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.607599]  kthread+0x337/0x6f0
[   21.607617]  ? trace_preempt_on+0x20/0xc0
[   21.607640]  ? __pfx_kthread+0x10/0x10
[   21.607659]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.607681]  ? calculate_sigpending+0x7b/0xa0
[   21.607703]  ? __pfx_kthread+0x10/0x10
[   21.607722]  ret_from_fork+0x116/0x1d0
[   21.607739]  ? __pfx_kthread+0x10/0x10
[   21.607758]  ret_from_fork_asm+0x1a/0x30
[   21.607786]  </TASK>
[   21.607796] 
[   21.615037] Allocated by task 187:
[   21.615308]  kasan_save_stack+0x45/0x70
[   21.615562]  kasan_save_track+0x18/0x40
[   21.615774]  kasan_save_alloc_info+0x3b/0x50
[   21.615976]  __kasan_krealloc+0x190/0x1f0
[   21.616196]  krealloc_noprof+0xf3/0x340
[   21.616360]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.616577]  krealloc_less_oob+0x1c/0x30
[   21.616760]  kunit_try_run_case+0x1a5/0x480
[   21.616964]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.617184]  kthread+0x337/0x6f0
[   21.617413]  ret_from_fork+0x116/0x1d0
[   21.617579]  ret_from_fork_asm+0x1a/0x30
[   21.617727] 
[   21.617814] The buggy address belongs to the object at ffff88810038c800
[   21.617814]  which belongs to the cache kmalloc-256 of size 256
[   21.618377] The buggy address is located 34 bytes to the right of
[   21.618377]  allocated 201-byte region [ffff88810038c800, ffff88810038c8c9)
[   21.618850] 
[   21.618950] The buggy address belongs to the physical page:
[   21.619212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[   21.619566] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.619869] flags: 0x200000000000040(head|node=0|zone=2)
[   21.620142] page_type: f5(slab)
[   21.620273] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.620606] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.620917] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.621338] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.621640] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[   21.622003] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.622341] page dumped because: kasan: bad access detected
[   21.622642] 
[   21.622730] Memory state around the buggy address:
[   21.622997]  ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.623301]  ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.623599] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.623854]                                                           ^
[   21.624050]  ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.624253]  ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.624460] ==================================================================
[   21.742038] ==================================================================
[   21.742354] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[   21.742678] Write of size 1 at addr ffff88810291e0eb by task kunit_try_catch/191
[   21.743065] 
[   21.743295] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.743365] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.743377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.743396] Call Trace:
[   21.743426]  <TASK>
[   21.743440]  dump_stack_lvl+0x73/0xb0
[   21.743464]  print_report+0xd1/0x650
[   21.743483]  ? __virt_addr_valid+0x1db/0x2d0
[   21.743505]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.743527]  ? kasan_addr_to_slab+0x11/0xa0
[   21.743545]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.743566]  kasan_report+0x141/0x180
[   21.743607]  ? krealloc_less_oob_helper+0xd47/0x11d0
[   21.743632]  __asan_report_store1_noabort+0x1b/0x30
[   21.743655]  krealloc_less_oob_helper+0xd47/0x11d0
[   21.743678]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.743700]  ? irqentry_exit+0x2a/0x60
[   21.743718]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.743746]  krealloc_large_less_oob+0x1c/0x30
[   21.743766]  kunit_try_run_case+0x1a5/0x480
[   21.743790]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.743843]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.743864]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.743963]  ? __kthread_parkme+0x82/0x180
[   21.743997]  ? preempt_count_sub+0x50/0x80
[   21.744018]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.744041]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.744077]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.744112]  kthread+0x337/0x6f0
[   21.744130]  ? trace_preempt_on+0x20/0xc0
[   21.744164]  ? __pfx_kthread+0x10/0x10
[   21.744196]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.744218]  ? calculate_sigpending+0x7b/0xa0
[   21.744240]  ? __pfx_kthread+0x10/0x10
[   21.744260]  ret_from_fork+0x116/0x1d0
[   21.744278]  ? __pfx_kthread+0x10/0x10
[   21.744306]  ret_from_fork_asm+0x1a/0x30
[   21.744342]  </TASK>
[   21.744352] 
[   21.752736] The buggy address belongs to the physical page:
[   21.753449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c
[   21.753814] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.754416] flags: 0x200000000000040(head|node=0|zone=2)
[   21.754714] page_type: f8(unknown)
[   21.755241] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.755548] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.755852] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.756108] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.756586] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff
[   21.757049] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.757290] page dumped because: kasan: bad access detected
[   21.757645] 
[   21.757757] Memory state around the buggy address:
[   21.758023]  ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.758360]  ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.758610] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.758951]                                                           ^
[   21.759307]  ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.759628]  ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.760115] ==================================================================
[   21.671956] ==================================================================
[   21.672510] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   21.672814] Write of size 1 at addr ffff88810291e0c9 by task kunit_try_catch/191
[   21.673290] 
[   21.673389] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.673436] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.673448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.673611] Call Trace:
[   21.673655]  <TASK>
[   21.673671]  dump_stack_lvl+0x73/0xb0
[   21.673700]  print_report+0xd1/0x650
[   21.673720]  ? __virt_addr_valid+0x1db/0x2d0
[   21.673743]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.673764]  ? kasan_addr_to_slab+0x11/0xa0
[   21.673783]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.673805]  kasan_report+0x141/0x180
[   21.673825]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.673850]  __asan_report_store1_noabort+0x1b/0x30
[   21.673872]  krealloc_less_oob_helper+0xd70/0x11d0
[   21.673895]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.673917]  ? irqentry_exit+0x2a/0x60
[   21.673996]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.674025]  krealloc_large_less_oob+0x1c/0x30
[   21.674045]  kunit_try_run_case+0x1a5/0x480
[   21.674071]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.674092]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.674111]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.674135]  ? __kthread_parkme+0x82/0x180
[   21.674154]  ? preempt_count_sub+0x50/0x80
[   21.674176]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.674198]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.674220]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.674242]  kthread+0x337/0x6f0
[   21.674259]  ? trace_preempt_on+0x20/0xc0
[   21.674282]  ? __pfx_kthread+0x10/0x10
[   21.674301]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.674322]  ? calculate_sigpending+0x7b/0xa0
[   21.674344]  ? __pfx_kthread+0x10/0x10
[   21.674364]  ret_from_fork+0x116/0x1d0
[   21.674382]  ? __pfx_kthread+0x10/0x10
[   21.674401]  ret_from_fork_asm+0x1a/0x30
[   21.674430]  </TASK>
[   21.674440] 
[   21.682005] The buggy address belongs to the physical page:
[   21.682314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c
[   21.682538] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.683077] flags: 0x200000000000040(head|node=0|zone=2)
[   21.683366] page_type: f8(unknown)
[   21.683617] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.684166] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.684530] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.684964] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.685460] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff
[   21.685758] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.686256] page dumped because: kasan: bad access detected
[   21.686564] 
[   21.686630] Memory state around the buggy address:
[   21.686830]  ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.687074]  ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.687274] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.687611]                                               ^
[   21.687914]  ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.688393]  ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.689127] ==================================================================
[   21.690243] ==================================================================
[   21.690613] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   21.691356] Write of size 1 at addr ffff88810291e0d0 by task kunit_try_catch/191
[   21.691813] 
[   21.692148] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.692198] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.692210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.692229] Call Trace:
[   21.692244]  <TASK>
[   21.692258]  dump_stack_lvl+0x73/0xb0
[   21.692283]  print_report+0xd1/0x650
[   21.692303]  ? __virt_addr_valid+0x1db/0x2d0
[   21.692324]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.692356]  ? kasan_addr_to_slab+0x11/0xa0
[   21.692375]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.692396]  kasan_report+0x141/0x180
[   21.692416]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.692442]  __asan_report_store1_noabort+0x1b/0x30
[   21.692466]  krealloc_less_oob_helper+0xe23/0x11d0
[   21.692490]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.692512]  ? irqentry_exit+0x2a/0x60
[   21.692530]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.692558]  krealloc_large_less_oob+0x1c/0x30
[   21.692578]  kunit_try_run_case+0x1a5/0x480
[   21.692603]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.692624]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.692643]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.692666]  ? __kthread_parkme+0x82/0x180
[   21.692685]  ? preempt_count_sub+0x50/0x80
[   21.692706]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.692728]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.692750]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.692772]  kthread+0x337/0x6f0
[   21.692790]  ? trace_preempt_on+0x20/0xc0
[   21.692814]  ? __pfx_kthread+0x10/0x10
[   21.692832]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.692854]  ? calculate_sigpending+0x7b/0xa0
[   21.692876]  ? __pfx_kthread+0x10/0x10
[   21.692895]  ret_from_fork+0x116/0x1d0
[   21.692913]  ? __pfx_kthread+0x10/0x10
[   21.692931]  ret_from_fork_asm+0x1a/0x30
[   21.692970]  </TASK>
[   21.692980] 
[   21.700518] The buggy address belongs to the physical page:
[   21.700697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c
[   21.701223] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.701555] flags: 0x200000000000040(head|node=0|zone=2)
[   21.702258] page_type: f8(unknown)
[   21.702511] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.702839] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.703219] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.703554] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.703776] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff
[   21.704008] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.704543] page dumped because: kasan: bad access detected
[   21.704885] 
[   21.705005] Memory state around the buggy address:
[   21.705258]  ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.705651]  ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.706039] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.706351]                                                  ^
[   21.706611]  ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.706832]  ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.707161] ==================================================================
[   21.582132] ==================================================================
[   21.582424] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   21.582700] Write of size 1 at addr ffff88810038c8ea by task kunit_try_catch/187
[   21.582929] 
[   21.583060] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.583106] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.583117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.583321] Call Trace:
[   21.583347]  <TASK>
[   21.583366]  dump_stack_lvl+0x73/0xb0
[   21.583395]  print_report+0xd1/0x650
[   21.583416]  ? __virt_addr_valid+0x1db/0x2d0
[   21.583438]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.583459]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.583483]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.583505]  kasan_report+0x141/0x180
[   21.583525]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.583550]  __asan_report_store1_noabort+0x1b/0x30
[   21.583572]  krealloc_less_oob_helper+0xe90/0x11d0
[   21.583596]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.583618]  ? finish_task_switch.isra.0+0x153/0x700
[   21.583639]  ? __switch_to+0x47/0xf50
[   21.583664]  ? __schedule+0x10cc/0x2b60
[   21.583687]  ? __pfx_read_tsc+0x10/0x10
[   21.583710]  krealloc_less_oob+0x1c/0x30
[   21.583729]  kunit_try_run_case+0x1a5/0x480
[   21.583754]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.583774]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.583793]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.583816]  ? __kthread_parkme+0x82/0x180
[   21.583834]  ? preempt_count_sub+0x50/0x80
[   21.583855]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.583877]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.583899]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.583920]  kthread+0x337/0x6f0
[   21.583950]  ? trace_preempt_on+0x20/0xc0
[   21.583972]  ? __pfx_kthread+0x10/0x10
[   21.583991]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.584012]  ? calculate_sigpending+0x7b/0xa0
[   21.584035]  ? __pfx_kthread+0x10/0x10
[   21.584054]  ret_from_fork+0x116/0x1d0
[   21.584071]  ? __pfx_kthread+0x10/0x10
[   21.584090]  ret_from_fork_asm+0x1a/0x30
[   21.584118]  </TASK>
[   21.584140] 
[   21.591506] Allocated by task 187:
[   21.591686]  kasan_save_stack+0x45/0x70
[   21.591881]  kasan_save_track+0x18/0x40
[   21.592078]  kasan_save_alloc_info+0x3b/0x50
[   21.592275]  __kasan_krealloc+0x190/0x1f0
[   21.592411]  krealloc_noprof+0xf3/0x340
[   21.592541]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.592691]  krealloc_less_oob+0x1c/0x30
[   21.592819]  kunit_try_run_case+0x1a5/0x480
[   21.592967]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.593403]  kthread+0x337/0x6f0
[   21.593567]  ret_from_fork+0x116/0x1d0
[   21.593745]  ret_from_fork_asm+0x1a/0x30
[   21.593930] 
[   21.594028] The buggy address belongs to the object at ffff88810038c800
[   21.594028]  which belongs to the cache kmalloc-256 of size 256
[   21.594928] The buggy address is located 33 bytes to the right of
[   21.594928]  allocated 201-byte region [ffff88810038c800, ffff88810038c8c9)
[   21.596277] 
[   21.596361] The buggy address belongs to the physical page:
[   21.596609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[   21.597026] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.598401] flags: 0x200000000000040(head|node=0|zone=2)
[   21.598683] page_type: f5(slab)
[   21.598851] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.599590] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.600053] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.600382] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.600781] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[   21.601217] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.601538] page dumped because: kasan: bad access detected
[   21.601772] 
[   21.601855] Memory state around the buggy address:
[   21.602129]  ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.602447]  ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.602747] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.603172]                                                           ^
[   21.603452]  ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.603764]  ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.604383] ==================================================================
[   21.541308] ==================================================================
[   21.541655] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[   21.542081] Write of size 1 at addr ffff88810038c8d0 by task kunit_try_catch/187
[   21.542464] 
[   21.542548] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.542595] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.542606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.542625] Call Trace:
[   21.542637]  <TASK>
[   21.542653]  dump_stack_lvl+0x73/0xb0
[   21.542680]  print_report+0xd1/0x650
[   21.542699]  ? __virt_addr_valid+0x1db/0x2d0
[   21.542722]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.542743]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.542766]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.542788]  kasan_report+0x141/0x180
[   21.542807]  ? krealloc_less_oob_helper+0xe23/0x11d0
[   21.542833]  __asan_report_store1_noabort+0x1b/0x30
[   21.542855]  krealloc_less_oob_helper+0xe23/0x11d0
[   21.542878]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.542899]  ? finish_task_switch.isra.0+0x153/0x700
[   21.542920]  ? __switch_to+0x47/0xf50
[   21.542957]  ? __schedule+0x10cc/0x2b60
[   21.542980]  ? __pfx_read_tsc+0x10/0x10
[   21.543003]  krealloc_less_oob+0x1c/0x30
[   21.543022]  kunit_try_run_case+0x1a5/0x480
[   21.543046]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.543067]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.543086]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.543109]  ? __kthread_parkme+0x82/0x180
[   21.543177]  ? preempt_count_sub+0x50/0x80
[   21.543198]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.543220]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.543243]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.543265]  kthread+0x337/0x6f0
[   21.543282]  ? trace_preempt_on+0x20/0xc0
[   21.543306]  ? __pfx_kthread+0x10/0x10
[   21.543325]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.543349]  ? calculate_sigpending+0x7b/0xa0
[   21.543372]  ? __pfx_kthread+0x10/0x10
[   21.543392]  ret_from_fork+0x116/0x1d0
[   21.543410]  ? __pfx_kthread+0x10/0x10
[   21.543428]  ret_from_fork_asm+0x1a/0x30
[   21.543456]  </TASK>
[   21.543466] 
[   21.550996] Allocated by task 187:
[   21.551122]  kasan_save_stack+0x45/0x70
[   21.551256]  kasan_save_track+0x18/0x40
[   21.551379]  kasan_save_alloc_info+0x3b/0x50
[   21.551517]  __kasan_krealloc+0x190/0x1f0
[   21.551645]  krealloc_noprof+0xf3/0x340
[   21.551774]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.551923]  krealloc_less_oob+0x1c/0x30
[   21.552490]  kunit_try_run_case+0x1a5/0x480
[   21.552713]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.553228]  kthread+0x337/0x6f0
[   21.553394]  ret_from_fork+0x116/0x1d0
[   21.553571]  ret_from_fork_asm+0x1a/0x30
[   21.553736] 
[   21.553859] The buggy address belongs to the object at ffff88810038c800
[   21.553859]  which belongs to the cache kmalloc-256 of size 256
[   21.554352] The buggy address is located 7 bytes to the right of
[   21.554352]  allocated 201-byte region [ffff88810038c800, ffff88810038c8c9)
[   21.554714] 
[   21.554777] The buggy address belongs to the physical page:
[   21.555248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[   21.555612] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.555843] flags: 0x200000000000040(head|node=0|zone=2)
[   21.556042] page_type: f5(slab)
[   21.556262] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.556592] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.556861] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.557095] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.557714] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[   21.558050] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.558270] page dumped because: kasan: bad access detected
[   21.558491] 
[   21.558578] Memory state around the buggy address:
[   21.558797]  ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.559164]  ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.559478] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.559759]                                                  ^
[   21.560271]  ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.560494]  ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.560698] ==================================================================
[   21.707765] ==================================================================
[   21.708209] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   21.708666] Write of size 1 at addr ffff88810291e0da by task kunit_try_catch/191
[   21.709035] 
[   21.709141] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.709185] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.709196] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.709217] Call Trace:
[   21.709232]  <TASK>
[   21.709246]  dump_stack_lvl+0x73/0xb0
[   21.709271]  print_report+0xd1/0x650
[   21.709291]  ? __virt_addr_valid+0x1db/0x2d0
[   21.709312]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.709333]  ? kasan_addr_to_slab+0x11/0xa0
[   21.709352]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.709373]  kasan_report+0x141/0x180
[   21.709393]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.709418]  __asan_report_store1_noabort+0x1b/0x30
[   21.709440]  krealloc_less_oob_helper+0xec6/0x11d0
[   21.709486]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.709508]  ? irqentry_exit+0x2a/0x60
[   21.709527]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.709570]  krealloc_large_less_oob+0x1c/0x30
[   21.709591]  kunit_try_run_case+0x1a5/0x480
[   21.709617]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.709639]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.709658]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.709681]  ? __kthread_parkme+0x82/0x180
[   21.709700]  ? preempt_count_sub+0x50/0x80
[   21.709722]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.709744]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.709766]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.709788]  kthread+0x337/0x6f0
[   21.709806]  ? trace_preempt_on+0x20/0xc0
[   21.709827]  ? __pfx_kthread+0x10/0x10
[   21.709863]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.709897]  ? calculate_sigpending+0x7b/0xa0
[   21.709919]  ? __pfx_kthread+0x10/0x10
[   21.709960]  ret_from_fork+0x116/0x1d0
[   21.709992]  ? __pfx_kthread+0x10/0x10
[   21.710011]  ret_from_fork_asm+0x1a/0x30
[   21.710040]  </TASK>
[   21.710063] 
[   21.717869] The buggy address belongs to the physical page:
[   21.718192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c
[   21.718604] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.719145] flags: 0x200000000000040(head|node=0|zone=2)
[   21.719349] page_type: f8(unknown)
[   21.719505] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.719754] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.720316] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.720629] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.721264] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff
[   21.721638] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.721987] page dumped because: kasan: bad access detected
[   21.722227] 
[   21.722352] Memory state around the buggy address:
[   21.722546]  ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.722749]  ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.723345] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.723645]                                                     ^
[   21.723896]  ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.724484]  ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.724801] ==================================================================
[   21.725192] ==================================================================
[   21.725419] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[   21.725692] Write of size 1 at addr ffff88810291e0ea by task kunit_try_catch/191
[   21.726118] 
[   21.726287] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.726351] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.726363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.726382] Call Trace:
[   21.726396]  <TASK>
[   21.726428]  dump_stack_lvl+0x73/0xb0
[   21.726452]  print_report+0xd1/0x650
[   21.726472]  ? __virt_addr_valid+0x1db/0x2d0
[   21.726493]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.726514]  ? kasan_addr_to_slab+0x11/0xa0
[   21.726535]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.726556]  kasan_report+0x141/0x180
[   21.726576]  ? krealloc_less_oob_helper+0xe90/0x11d0
[   21.726601]  __asan_report_store1_noabort+0x1b/0x30
[   21.726624]  krealloc_less_oob_helper+0xe90/0x11d0
[   21.726647]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.726669]  ? irqentry_exit+0x2a/0x60
[   21.726688]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   21.726717]  krealloc_large_less_oob+0x1c/0x30
[   21.726738]  kunit_try_run_case+0x1a5/0x480
[   21.726762]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.726802]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.726859]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.726885]  ? __kthread_parkme+0x82/0x180
[   21.726924]  ? preempt_count_sub+0x50/0x80
[   21.726958]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.726980]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.727002]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.727024]  kthread+0x337/0x6f0
[   21.727042]  ? trace_preempt_on+0x20/0xc0
[   21.727063]  ? __pfx_kthread+0x10/0x10
[   21.727098]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.727129]  ? calculate_sigpending+0x7b/0xa0
[   21.727152]  ? __pfx_kthread+0x10/0x10
[   21.727172]  ret_from_fork+0x116/0x1d0
[   21.727189]  ? __pfx_kthread+0x10/0x10
[   21.727208]  ret_from_fork_asm+0x1a/0x30
[   21.727237]  </TASK>
[   21.727247] 
[   21.734835] The buggy address belongs to the physical page:
[   21.735091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10291c
[   21.735564] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.735791] flags: 0x200000000000040(head|node=0|zone=2)
[   21.735962] page_type: f8(unknown)
[   21.736313] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.736658] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.737230] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   21.737590] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[   21.738038] head: 0200000000000002 ffffea00040a4701 00000000ffffffff 00000000ffffffff
[   21.738389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   21.738713] page dumped because: kasan: bad access detected
[   21.738969] 
[   21.739053] Memory state around the buggy address:
[   21.739267]  ffff88810291df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.739635]  ffff88810291e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.739844] >ffff88810291e080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[   21.740054]                                                           ^
[   21.740682]  ffff88810291e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.741324]  ffff88810291e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[   21.741637] ==================================================================
[   21.521110] ==================================================================
[   21.521542] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[   21.521850] Write of size 1 at addr ffff88810038c8c9 by task kunit_try_catch/187
[   21.522428] 
[   21.522528] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.522576] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.522588] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.522609] Call Trace:
[   21.522621]  <TASK>
[   21.522636]  dump_stack_lvl+0x73/0xb0
[   21.522663]  print_report+0xd1/0x650
[   21.522683]  ? __virt_addr_valid+0x1db/0x2d0
[   21.522705]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.522726]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.522750]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.522772]  kasan_report+0x141/0x180
[   21.522791]  ? krealloc_less_oob_helper+0xd70/0x11d0
[   21.522817]  __asan_report_store1_noabort+0x1b/0x30
[   21.522838]  krealloc_less_oob_helper+0xd70/0x11d0
[   21.522862]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.522883]  ? finish_task_switch.isra.0+0x153/0x700
[   21.522903]  ? __switch_to+0x47/0xf50
[   21.522956]  ? __schedule+0x10cc/0x2b60
[   21.522980]  ? __pfx_read_tsc+0x10/0x10
[   21.523004]  krealloc_less_oob+0x1c/0x30
[   21.523023]  kunit_try_run_case+0x1a5/0x480
[   21.523047]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.523068]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.523088]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.523112]  ? __kthread_parkme+0x82/0x180
[   21.523130]  ? preempt_count_sub+0x50/0x80
[   21.523152]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.523175]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.523196]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.523218]  kthread+0x337/0x6f0
[   21.523236]  ? trace_preempt_on+0x20/0xc0
[   21.523258]  ? __pfx_kthread+0x10/0x10
[   21.523277]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.523298]  ? calculate_sigpending+0x7b/0xa0
[   21.523320]  ? __pfx_kthread+0x10/0x10
[   21.523340]  ret_from_fork+0x116/0x1d0
[   21.523357]  ? __pfx_kthread+0x10/0x10
[   21.523429]  ret_from_fork_asm+0x1a/0x30
[   21.523463]  </TASK>
[   21.523473] 
[   21.530959] Allocated by task 187:
[   21.531311]  kasan_save_stack+0x45/0x70
[   21.531484]  kasan_save_track+0x18/0x40
[   21.531642]  kasan_save_alloc_info+0x3b/0x50
[   21.531812]  __kasan_krealloc+0x190/0x1f0
[   21.532001]  krealloc_noprof+0xf3/0x340
[   21.532231]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.532463]  krealloc_less_oob+0x1c/0x30
[   21.532590]  kunit_try_run_case+0x1a5/0x480
[   21.532761]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.533277]  kthread+0x337/0x6f0
[   21.533449]  ret_from_fork+0x116/0x1d0
[   21.533619]  ret_from_fork_asm+0x1a/0x30
[   21.533768] 
[   21.533856] The buggy address belongs to the object at ffff88810038c800
[   21.533856]  which belongs to the cache kmalloc-256 of size 256
[   21.534381] The buggy address is located 0 bytes to the right of
[   21.534381]  allocated 201-byte region [ffff88810038c800, ffff88810038c8c9)
[   21.534865] 
[   21.534928] The buggy address belongs to the physical page:
[   21.535101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[   21.535439] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.535781] flags: 0x200000000000040(head|node=0|zone=2)
[   21.535980] page_type: f5(slab)
[   21.536094] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.536514] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.536839] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.537166] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.537422] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[   21.537751] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.538045] page dumped because: kasan: bad access detected
[   21.538341] 
[   21.538406] Memory state around the buggy address:
[   21.538597]  ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.538802]  ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.539018] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.539365]                                               ^
[   21.539614]  ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.539918]  ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.540222] ==================================================================
[   21.561181] ==================================================================
[   21.561771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[   21.562130] Write of size 1 at addr ffff88810038c8da by task kunit_try_catch/187
[   21.562456] 
[   21.562557] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250625 #1 PREEMPT(voluntary) 
[   21.562601] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.562612] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.562632] Call Trace:
[   21.562649]  <TASK>
[   21.562664]  dump_stack_lvl+0x73/0xb0
[   21.562687]  print_report+0xd1/0x650
[   21.562707]  ? __virt_addr_valid+0x1db/0x2d0
[   21.562728]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.562749]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.562773]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.562794]  kasan_report+0x141/0x180
[   21.562814]  ? krealloc_less_oob_helper+0xec6/0x11d0
[   21.562839]  __asan_report_store1_noabort+0x1b/0x30
[   21.562861]  krealloc_less_oob_helper+0xec6/0x11d0
[   21.562884]  ? __pfx_krealloc_less_oob_helper+0x10/0x10
[   21.562906]  ? finish_task_switch.isra.0+0x153/0x700
[   21.562925]  ? __switch_to+0x47/0xf50
[   21.562961]  ? __schedule+0x10cc/0x2b60
[   21.562984]  ? __pfx_read_tsc+0x10/0x10
[   21.563007]  krealloc_less_oob+0x1c/0x30
[   21.563026]  kunit_try_run_case+0x1a5/0x480
[   21.563049]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.563070]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.563089]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.563112]  ? __kthread_parkme+0x82/0x180
[   21.563187]  ? preempt_count_sub+0x50/0x80
[   21.563208]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.563231]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.563252]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.563274]  kthread+0x337/0x6f0
[   21.563292]  ? trace_preempt_on+0x20/0xc0
[   21.563314]  ? __pfx_kthread+0x10/0x10
[   21.563332]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.563354]  ? calculate_sigpending+0x7b/0xa0
[   21.563376]  ? __pfx_kthread+0x10/0x10
[   21.563395]  ret_from_fork+0x116/0x1d0
[   21.563412]  ? __pfx_kthread+0x10/0x10
[   21.563431]  ret_from_fork_asm+0x1a/0x30
[   21.563458]  </TASK>
[   21.563468] 
[   21.571260] Allocated by task 187:
[   21.571500]  kasan_save_stack+0x45/0x70
[   21.571638]  kasan_save_track+0x18/0x40
[   21.571762]  kasan_save_alloc_info+0x3b/0x50
[   21.571900]  __kasan_krealloc+0x190/0x1f0
[   21.572041]  krealloc_noprof+0xf3/0x340
[   21.572198]  krealloc_less_oob_helper+0x1aa/0x11d0
[   21.572608]  krealloc_less_oob+0x1c/0x30
[   21.572801]  kunit_try_run_case+0x1a5/0x480
[   21.573016]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.573346]  kthread+0x337/0x6f0
[   21.573457]  ret_from_fork+0x116/0x1d0
[   21.573577]  ret_from_fork_asm+0x1a/0x30
[   21.573703] 
[   21.573765] The buggy address belongs to the object at ffff88810038c800
[   21.573765]  which belongs to the cache kmalloc-256 of size 256
[   21.574115] The buggy address is located 17 bytes to the right of
[   21.574115]  allocated 201-byte region [ffff88810038c800, ffff88810038c8c9)
[   21.575200] 
[   21.575296] The buggy address belongs to the physical page:
[   21.575542] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10038c
[   21.575893] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.576230] flags: 0x200000000000040(head|node=0|zone=2)
[   21.576400] page_type: f5(slab)
[   21.576561] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.576780] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.577598] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[   21.578057] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   21.578761] head: 0200000000000001 ffffea000400e301 00000000ffffffff 00000000ffffffff
[   21.579073] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   21.579420] page dumped because: kasan: bad access detected
[   21.579616] 
[   21.579702] Memory state around the buggy address:
[   21.579872]  ffff88810038c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.580088]  ffff88810038c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.580296] >ffff88810038c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[   21.580504]                                                     ^
[   21.580866]  ffff88810038c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.581282]  ffff88810038c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.581593] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yzYOk343WUC6Wpt3myROi1ycEp

job_id

TEST:linaro@lkft#2yzYVNT6IUjhjLdh7nstgLFd505

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yzYVNT6IUjhjLdh7nstgLFd505

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yzYRjK4yPgWCSPteds1wuyRjxm/bzImage
sha256sum	a36e634a4a78f2929b45bc04de080bad523a4659b57f144ae08b96bb49e6195c

rootfs

url	https://storage.tuxboot.com/debian/20250617/trixie/amd64/rootfs.ext4.xz
sha256sum	a7dcdb286e1265c85a4d6cd5429adc51604a3ebde1d9a3c934aef78862d5fee4

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yzYRjK4yPgWCSPteds1wuyRjxm/modules.tar.xz
sha256sum	20f0a98822a7ed9176a2a3211e41859c1b0cc5afa6ae6640cdcd27770eeb51ec

durations

tests

boot	0
kunit	118.62

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit